by Neil MacDonald | January 4, 2011 | Comments Off on Improving Your 2011 Security Bang for the Buck: Patching Depth and Breadth
I am back from the holidays and was responding to some comments on my previous blog post on antivirus technologies and the shift to endpoint protection platforms where one of the readers had recommended disabling autorun on removable media for a quick win for information security. There are several things in information security that we can do that immediately provide more “security bang for the buck”.
Top of the list for 2011: Patching breadth and depth.
Improve your patching depth by not just focusing patching Windows and the base Microsoft applications. Patch all common desktop elements – Adobe, security agents, management agents, browsers (Firefox, Chrome, Safari), Skype, and perhaps even iTunes. If enough desktops run it, it will be targeted. On servers, extend to the web server, application server, database application etc if you haven’t already.
Improve your patching breadth by bringing the same level of process, metrics and discipline that we’ve had to develop out of necessity for Windows to other desktop, tablet and server OSs including Linux, Mac, Unix desktop and server. If you have a project to deploy iPads to part of your workforce, add iOS to the list.
Gartner research shows that 90% of successful attacks occur against previously known vulnerabilities for which a patch or secure configuration standard was already available. Let’s start 2011 by taking a closer look here. I’ll share some other ideas in the next few posts.
Category: application-security beyond-anti-virus endpoint-protection-platform information-security
Tags: apple best-practices defense-in-depth endpoint-protection-platform information-security security-no-brainer windows
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.